Automatic Password Expiry after N days || Upon pwd expiry route user to password reset page

Hi,

I am trying to set password expiry for Auth0 users and, upon expiry, display a proper error message saying your password expired and click here to reset your password.

For this I am trying to use the “Check Last Password Reset” rule.
However, this rule does not actually expire the password; instead it is throwing a 500 Internal Server Error on the Assertion Consumer Service URL POST request, and in the SAML Response it is returning the message we wrote in the rule.
Also, I can see it is showing as a successful last login.

Basically, that rule is sending incorrect SAML to the application.

Here is the JavaScript in the rule.

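    function checkLastPasswordReset(user, context, callback) {
      // Difference between two Date objects, in days
      function daydiff(first, second) {
        return (second - first) / (1000 * 60 * 60 * 24);
      }

      // Fall back to the account creation date if the password was never reset
      const last_password_change = user.last_password_reset || user.created_at;

      // Fail the login when the password is more than 1 day old
      // (UnauthorizedError is a global provided by the Auth0 rules runtime)
      if (daydiff(new Date(last_password_change), new Date()) > 1) {
        return callback(new UnauthorizedError("Your Password has expired… please reset"));
      }
      callback(null, user, context);
    }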

Here is the sample SAML Response.

    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        ID="_35c6c55ec7bc765920ba"
        InResponseTo="_6483bb4c46229d099b403ff2864e2d1d21a53616f4"
        Version="2.0"
        IssueInstant="2022-04-10T13:19:29.888Z"
        Destination="https://xxx.xx.xx.au/xx-xxxx/poc/sso/saml/saml2_assertion_consumer_service"
    >
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:xxxxxx.au.auth0.com</saml:Issuer>
      <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" />
        <samlp:StatusMessage Value="Your Password has expired… please reset" />
      </samlp:Status>
    </samlp:Response>

Can you guide me to customize this JavaScript… actually Auth0, to display a "Password Expired Message" and provide a link to reset the password?

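The error response above reaches the Assertion Consumer Service with a `Responder` status and the rule's message, and the endpoint answers with a 500. The sketch below handles that status on the service provider side and sends the user to a reset page; it is an added example, not code from the post or from Auth0. The reset URL, the marker text and the function names are assumptions, and the regex extraction stands in for a real SAML library.

```javascript
// Constructed sample: same shape as the error response in the post, identifiers shortened.
const SAMPLE_EXPIRED = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example" Version="2.0">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" />
    <samlp:StatusMessage Value="Your Password has expired… please reset" />
  </samlp:Status>
</samlp:Response>`;

const SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success';
// Assumptions: both values are the service provider's own configuration.
const RESET_URL = 'https://sp.example.com/password-reset';
const EXPIRED_MARKER = /password has expired/i;

// Extract the top-level status code and message from the <Status> element.
// The message is accepted as a Value attribute (as in the post) or as element text.
function readSamlStatus(xml) {
  const status = /<(?:\w+:)?Status>([\s\S]*?)<\/(?:\w+:)?Status>/.exec(xml);
  if (!status) return { code: null, message: '' };
  const body = status[1];
  const code = /<(?:\w+:)?StatusCode\b[^>]*\bValue="([^"]*)"/.exec(body);
  const attr = /<(?:\w+:)?StatusMessage\b[^>]*\bValue="([^"]*)"/.exec(body);
  const text = /<(?:\w+:)?StatusMessage\b[^>]*>([^<]*)<\//.exec(body);
  const msg = attr || text;
  return { code: code ? code[1] : null, message: msg ? msg[1].trim() : '' };
}

// Decide what the ACS endpoint should answer instead of failing with a 500.
function acsDecision(xml) {
  const { code, message } = readSamlStatus(xml);
  if (code === SUCCESS) {
    return { action: 'validate-assertion' }; // signature and condition checks come next
  }
  if (code && EXPIRED_MARKER.test(message)) {
    // The target is fixed configuration; nothing from the response is echoed or followed.
    return { action: 'redirect', status: 302, location: RESET_URL };
  }
  return { action: 'deny', status: 403 }; // other failure status or malformed response
}
```
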